Simple, Yet Effective Ways for SMBs to Improve Their Security Posture

This article is from the quarterly Canadian Overview, a newsletter produced by the Canadian member firms of Moore Stephens North America. These articles are meant to pursue our mission of being the best partner in your success by keeping you aware of the latest business news.

As we enter 2019, the security challenges faced by small to medium-sized businesses (SMBs) will only continue to escalate, so it may be a good time to re-evaluate your company’s security posture. SMBs are often challenged by the fact that they do not possess the internal expertise required to correctly safeguard against current and persistent threats. It is therefore worth evaluating solutions that can greatly increase your security while being simple to deploy. None of this ignores the fact that many more complex solutions—such as firewalls, multi-factor authentication, data-loss prevention systems, VPNs, vulnerability assessment tools, SIEM, and more—are advised. All of these should exist in your security tool set; however, certain solutions require very little technical expertise and may provide far better returns than some of these more complicated safeguards.

The “Human Firewall”

One of the most neglected elements of a network is the human element. In order to better safeguard your network, it is important to improve your “Human Firewall”. This refers to an end-user’s ability to detect harmful links or sites. According to the “2018 DATA SECURITY INCIDENT RESPONSE REPORT,” an analysis of 560 security events by BakerHostetler, one of the U.S.’s largest law firms, 34 percent of security incidents were related to phishing and as many as 18 percent of those involved ransomware. To this day the human element remains one of the most targeted in the security landscape. We can therefore greatly improve our security posture through better security and user awareness training programs. Many of these programs use a combination of simulated attacks, onboarding and continued training programs, and informative newsletters. With a simulated phishing attack, you can identify everything a user did with a phishing e-mail, such as:

Opening the malicious e-mail

Clicking on bad links within the e-mail

Opening dangerous, attached documents

Even running a macro within a contained document

Once the user’s actions are reported, it is easy to rectify the issue by enrolling them in additional awareness training. Certain sites will even report on e-mail addresses within the company that are at risk of phishing due to their external exposure. They obtain the information by crawling business social media networks and breach databases.

Although the success of a user awareness program may differ from one company to the next, some vendors of these platforms claim as much as a ten-fold reduction in users clicking on bad links within 12 months of having introduced the program.

DNS Security and Filtering

Another simple yet effective option in increasing your security posture is to deploy Domain Name System (DNS) based security and filtering. DNS is used to convert internet domain names into internet protocol (IP) addresses so that people can type in a friendly name, such as google.com, instead of remembering an IP address. The issue with DNS is that it was not designed with security in mind. In other words, standard DNS servers, either from your internet service provider or the widely used Google DNS servers, do not provide any safeguards to prevent you from going to malicious sites. As stated on the Google website:

Does Google Public DNS offer the ability to block or filter out unwanted sites?

No. Google Public DNS is purely a DNS resolution and caching server; it does not perform any blocking or filtering of any kind, except that it may not resolve certain domains in extraordinary cases if we believe this is necessary to protect Google’s users from security threats. But we believe that blocking functionality is usually best performed by the client. If you are interested in enabling such functionality, you should consider installing a client-side application or browser add-on for this purpose.
(Source: https://developers.google.com/speed/public-dns/faq)

Secure DNS solutions, of which there are many, provide filtering of bad content such as phishing sites or botnets. The good news is that basic use of this type of service is free and can literally be set up in minutes, the only caveat being that you have no visibility into the data that is being blocked by the service. The paid service offers full notification of events as well as reporting and category-based filtering to block such things as adult websites, social media, and weapons- and drug-related content. The nicest part of this service is the simplicity of the setup.

DNS-based security services have been successful in preventing ransomware, phishing attacks, malicious sites and spyware. They can also help a company identify internal resources that have been compromised, as these will continually show up in the logs as trying to communicate with bad infrastructure. In an instance like this, the issue can be remedied before the damage is done. Additionally, most DNS security offerings provide solutions for equipment that is outside of the corporate network.
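
To make the log review described above concrete, here is an added example (not from the author or from any DNS vendor) that flags internal machines whose blocked lookups repeat over time. The CSV column layout, category names and sample lines are assumptions constructed for illustration; a real service's export will differ.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export: timestamp, internal client IP, domain, action, category.
# The column layout is an assumption; each DNS filtering service has its own format.
SAMPLE_LOG = """\
2019-01-14T09:00:02,10.0.0.21,updates.example.com,allowed,software
2019-01-14T09:01:10,10.0.0.34,login-verify.example.net,blocked,phishing
2019-01-14T09:05:00,10.0.0.57,c2-node.example.org,blocked,botnet
2019-01-14T09:35:01,10.0.0.57,c2-node.example.org,blocked,botnet
2019-01-14T10:05:03,10.0.0.57,c2-node.example.org,blocked,botnet
2019-01-14T10:35:02,10.0.0.57,cdn-sync.example.org,blocked,malware
2019-01-14T11:00:00,10.0.0.21,news.example.com,allowed,news
"""

# Categories that suggest software on the host is calling out, not a user mis-click.
CALLBACK_CATEGORIES = {"botnet", "malware"}

def suspect_hosts(log_text, min_hits=3, min_span_minutes=30):
    """Return {client_ip: summary} for hosts with repeated blocked callback lookups.

    A host is flagged when it has at least min_hits blocked queries in a callback
    category spread over at least min_span_minutes (persistent, not a one-off).
    """
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines instead of failing
        ts, client, domain, action, category = (f.strip() for f in row)
        if action == "blocked" and category in CALLBACK_CATEGORIES:
            hits[client].append((datetime.fromisoformat(ts), domain))
    flagged = {}
    for client, events in hits.items():
        times = sorted(t for t, _ in events)
        span = (times[-1] - times[0]).total_seconds() / 60
        if len(events) >= min_hits and span >= min_span_minutes:
            flagged[client] = {
                "hits": len(events),
                "span_minutes": round(span),
                "domains": sorted({d for _, d in events}),
            }
    return flagged

if __name__ == "__main__":
    for ip, info in suspect_hosts(SAMPLE_LOG).items():
        print(ip, info)
```

In the sample, the single blocked phishing lookup from 10.0.0.34 is left for awareness training, while 10.0.0.57 is reported because its blocked lookups recur over an hour and a half.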

Keep in mind that these two often overlooked suggestions—your human firewall and DNS security—should be part of a more holistic solution that takes into account the complexities of protecting all aspects of your organization.

Contributed by Keith Chabot, IT Director from Marcil Lavallee. This piece was produced as a part of the quarterly Canadian Overview, a newsletter produced by the Canadian member firms of Moore Stephens North America.